Forum Discussion

Nimbostratus

Apr 07, 2014

OpenSSL and Heart Bleed Vuln

Get the latest updates on how F5 mitigates Heartbleed Hi Team, I know this question is eventually going to be asked - I may as well do it. With the news today about the Heartblee...

Nimbostratus

Apr 08, 2014

if you want to test you could use

http://filippo.io/Heartbleed/

Beinhard_8950
Nimbostratus
Apr 08, 2014
Some other testtool that you run by yourself. https://gist.github.com/sh1n0b1/10100394 http://s3.jspenguin.org/ssltest.py
BinaryCanary_19
Historic F5 Account
Apr 08, 2014
It's easy to know if you're vulnerable to this: You are running an affected openssl version. You can simply run "openssl version" on the CLI.
boneyard
MVP
Apr 08, 2014
that onyl shows half of the picture in some cases and isnt always possible with appliances.
cquick11_115408
Nimbostratus
Apr 08, 2014
I guess this applies to server-side ssl too, as i did that command and we are using 9.8 and native.
Lask1235_53562
Nimbostratus
Apr 08, 2014
Something i found to be helpful. The BIG-IP SSL profiles can use ciphers from two different SSL stacks; the NATIVE stack is built into the Traffic Management Microkernel (TMM), and the COMPAT stack, is based on the OpenSSL library. The NATIVE stack is an optimized SSL stack which can be used by the BIG-IP system to leverage hardware acceleration. F5 recommends using the NATIVE stack because it is suitable for most SSL connections. In BIG-IP 11.x, the SSL profiles only use ciphers from the NATIVE SSL stack. To use SSL ciphers from the COMPAT stack, you must manually configure the cipher string for the profile to COMPAT.